Malware writers take many approaches to produce malware that evades detection. Their products continue to infect computer systems worldwide. Many malware detection systems look for distinct signatures of known malware files. Yet, hackers often modify previously detected malware by adding new code, which alters the signature. One method of detecting malware involves emulation, in which a suspect file is emulated in a safe environment. Another method of detecting malware involves execution of a suspect file in a “sandbox”. However, emulation and operation in a sandbox are time-consuming and are typically used for testing individual examples of suspected malware, after which a signature is developed. They are presently impractical for detecting and screening massive amounts of malware. Therefore, there is a need in the art for a solution which overcomes the drawbacks described above.